Security Certifications

Security is the degree of resistance to, or protection from, harm. It applies to any vulnerable and/or valuable asset, such as a person, dwelling, community, item, nation, or organization.

As noted by the Institute for Security and Open Methodologies (ISECOM) in the OSSTMM 3, security provides “a form of protection where a separation is created between the assets and the threat.” These separations are generically called “controls,” and sometimes include changes to the asset or the threat.

Security is said to have two dialogues. Negative dialogue is about danger, risk, threat, etc. Positive dialogue is about opportunities, interests, profits, etc. Negative dialogue needs military equipment, armies, or police. Positive dialogue needs social capital, education, or social interaction.

Certain concepts recur throughout different fields of security:

Assurance – assurance is the level of guarantee that a security system will behave as expected

Countermeasure – a countermeasure is a way to stop a threat from triggering a risk event

Defense in depth – never rely on a single security measure

Risk – a risk is a possible event which could cause a loss

Threat – a threat is a method of triggering a risk event that is dangerous

Vulnerability – a weakness in a target that can potentially be exploited by a security threat

Exploit – a vulnerability that has been triggered by a threat, i.e. a risk of 1.0 (100%)